connect(); // MyNG setting up... init(); // Set up the language modules_get_language(); // Templates $t = new Template($_SESSION['conf_system_root']."/themes/".$_SESSION['conf_vis_theme']."/templates/"); $admin_host = str_replace("www.", "", $_SERVER['SERVER_NAME']); $form .= '

Please insert the code you have received in the e-mail into the form below.

Confirmation Code:    

'; // Check if the user pushed 'register!' if(isset($_POST['email']) || isset($_POST['id_user'])){ // SANITIZE QUERY if(isset($_POST['id_user']) && $_POST['id_user'] != '' ) { $id_user = sanitize_input($_POST['id_user']); //echo "checking user: $id_user"; $query = "SELECT usr_passwd,usr_email FROM myng_user WHERE usr_name = '" . $id_user."';"; $db->query($query); if($db->num_rows() != 0) { $db->next_record(); $password = $db->Record['usr_password']; $email = $db->Record['usr_email']; if(mail_reset_code($email,$id_user)) { $system_info = "A password reset confirmation request has been sent!"; $message = 'You are almost done! Please check your e-mail inbox for the password reset confirmation request that we sent to the email address you have provided. Please make sure you have ' . $admin_host .' in your list of allowed domains if using e-mail spam filter.'; $message .= $form; $user_found=1; } else { $system_info = "Error sending the password reset confirmation message!"; $message = 'Error sending the password reset confirmation message! Please make sure you have ' . $admin_host .' in your list of allowed domains if using e-mail spam filter.'; $user_found=1; } } else { if(isset($_POST['email']) && $_POST['email'] != '') { $email = sanitize_input($_POST['email']); //echo "checking e-mail: $email"; $query = "SELECT usr_passwd,usr_name FROM myng_user WHERE usr_email = '" . $email."';"; $db->query($query); if($db->num_rows() != 0) { $db->next_record(); $password = $db->Record['usr_password']; $id_user = $db->Record['usr_name']; // INSERT PASSWORD RANDOMIZING CODE HERE if(mail_reset_code($email,$id_user)) { $system_info = "A password reset confirmation request has been sent!"; $message = 'You are almost done! Please check your e-mail inbox for the password reset confirmation request that we sent to the e-mail address you have provided. Please make sure you have ' . $admin_host .' 
in your list of allowed domains if using e-mail spam filter.'; $message .= $form; $user_found=1; } else { $system_info = "Error sending the password reset message!"; $message = 'Error sending the password reset message ! Please make sure you have ' . $admin_host .' in your list of allowed domains if using e-mail spam filter.'; $user_found=1; } } else { //echo "e-mail $email not found"; } } } } if ($user_found==0) { $system_info = "Error: no such user or e-mail
"; $message = $system_info; } // Something has happended $left_bar = manage_login(time(),$t,$db); $main = "pass_reset.htm"; $t->set_file("main",$main); //$t->set_var("error","Error: ".$response['message']."
"); $t->set_var("id_user",$id_user); $t->set_var("email",$email); // Show the text of the template in the required language }else{ // Just show a blank password reset form $left_bar = manage_login(time(),$t,$db); $system_info = "Please provide your user name or e-mail"; $message = ' Please provide your user name or e-mail that you used when registered here and we will send a new password to your registered e-mail address.
user name: 
email: 
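';
}

$you_are_here = '';
$t->set_var("you_are_here",$you_are_here);
$main = "pass_reset.htm";
$t->set_file("main",$main);
$t->set_var("Result",$message);
// NOTE(review): raw $_POST values are handed to the template below. Whether
// Template escapes them for HTML output is not visible in this file; confirm,
// or encode them with htmlspecialchars() before set_var().
$t->set_var("id_user",$_POST['id_user']);
$t->set_var("email",$_POST['email']);
$t->set_var("country",$_POST['country']);
$t->set_var("usr_text",$_POST['usr_text']);

// Show all the page
show_layout($t,$left_bar,$system_info,MYNG_VERSION);

/**
 * Create a password-reset code for a user, store it, and e-mail it to them.
 *
 * The code is written to myng_user.usr_reset_code for the row whose usr_name
 * equals $id_user, then mailed to $email both as a bare code and as a
 * confirm.php?c=<code> link.
 *
 * @param string $email   Address the reset message is sent to.
 * @param string $id_user User name; used in the UPDATE's WHERE clause, in the
 *                        greeting, and as the recipient display name.
 * @return bool True when PHPMailer reports the message as sent; false when
 *              sending fails or no secure random source is available.
 */
function mail_reset_code($email,$id_user) {
    $db = new My_db;
    $db->connect();

    // The reset code is a bearer credential: presenting it is what authorises
    // the reset. It used to be md5() over the e-mail, a fixed string from this
    // file, the user name and time(), none of which is secret, so the result
    // was predictable. Draw it from a CSPRNG instead. 16 random bytes in hex
    // are 32 characters, the same length and alphabet as the md5() digest, so
    // the stored value keeps its shape.
    $reset_code = '';
    if (function_exists('random_bytes')) {
        try {
            $reset_code = bin2hex(random_bytes(16));
        } catch (Exception $e) {
            $reset_code = '';
        }
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $raw = openssl_random_pseudo_bytes(16, $strong);
        if ($raw !== false && $strong) {
            $reset_code = bin2hex($raw);
        }
    }
    if ($reset_code === '') {
        // Fail closed: never store or mail a guessable code.
        return false;
    }

    // NOTE(review): $id_user is concatenated into the statement. The visible
    // callers pass either sanitize_input() output or a usr_name read back from
    // the table; neither is shown to escape for a quoted SQL string. Confirm,
    // or use a bound parameter / driver escaping if My_db offers one.
    // NOTE(review): nothing here records when the code was issued, so expiry
    // and single use depend entirely on confirm.php (not shown) - verify.
    $query = "UPDATE myng_user SET usr_reset_code='".$reset_code."' WHERE usr_name = '" . $id_user."';";
    $db->query($query);

    // NOTE(review): num_rows() is checked after an UPDATE; confirm that My_db
    // reports affected rows through it. As before, the message is still sent
    // when this branch is taken and the caller overwrites both globals.
    if ($db->num_rows() == 0) {
        global $system_info;
        global $message;
        $system_info = "Error: cannot update user's record with the reset code - please contact the site administrator";
        $message = $system_info;
    }

    $mail = new PHPMailer();
    $mail->IsSendmail(); // deliver through the local sendmail binary

    // NOTE(review): SERVER_NAME can follow the client-supplied Host header
    // unless the web server pins a canonical name. The sender domain and the
    // reset link are both built from it, so a configured site host would be
    // the safer source; none is visible in this file.
    $admin_host = str_replace("www.", "", $_SERVER['SERVER_NAME']);
    $admin_email = "info@" . $admin_host;

    $mail->Sender = $admin_email;
    $mail->Hostname = $admin_host;
    $mail->From = $admin_email;
    $mail->FromName = "Password Reset Request";
    $mail->AddAddress("$email", $id_user);
    $mail->AddReplyTo("$admin_email", "Administrator");
    $mail->WordWrap = 50; // set word wrap to 50 characters

    // NOTE(review): the link is plain http://, so the code travels unencrypted
    // when the link is followed; use https:// if the site serves TLS.
    $reset_URL = 'http://' . $_SERVER['SERVER_NAME'] . $_SESSION['conf_system_prefix'] . "confirm.php?c=" . $reset_code;

    $mail->IsHTML(false); // plain-text message, not HTML
    $mail->Subject = "Your attention required: Password reset request from " . ucwords($admin_host);

    $mail->Body  = "Hello $id_user, \n\nSomeone (hopefully you) has requested a password reset for your account at " . ucwords($admin_host);
    $mail->Body .= "\n\nThis is your password reset code \n\n\n\n" . $reset_code;
    $mail->Body .= "\n\n\n\nYou can copy this code and paste it into the form on the password reset page";
    $mail->Body .= "\n\nOr you can just visit this page to confirm password reset: " . $reset_URL . "";
    $mail->Body .= "\n\nIf you have not initiated this request, please ignore this message. Your password will not be reset. \n\n";
    $mail->Body .= "\n\nIf these messages persist without you initiating the reset, please report this activity to us at " . $_SERVER['SERVER_NAME'] . $_SESSION['conf_system_prefix'] . "contact.php";

    $mail->AltBody  = "Hello $id_user, \n Someone (hopefully you) has requested a password reset for your account at " . ucwords($admin_host);
    $mail->AltBody .= "\nThis is your password reset code \n\n" . $reset_code;
    $mail->AltBody .= "\n\nYou can copy this code and paste it into the form on the password reset page";
    $mail->AltBody .= "\nOr you can just visit this page to confirm password reset: ". $reset_URL;
    $mail->AltBody .= "\nIf you have not initiated this request, please ignore this message. Your password will not be reset. \n ";
    $mail->AltBody .= "\nIf these messages persist without you initiating the reset, please report this activity to us at " . $_SERVER['SERVER_NAME'] . $_SESSION['conf_system_prefix'] . "contact.php";

    if (!$mail->Send()) {
        echo "Message could not be sent.\n\n";
        // Mailer diagnostics go to the server log rather than to the page:
        // this form is reachable without logging in, and ErrorInfo describes
        // the mail setup.
        error_log("Mailer Error: " . $mail->ErrorInfo);
        return false;
    }

    return true;
}

/**
 * Build a pronounceable password of exactly $length characters by alternating
 * consonant groups and vowels, cut to length.
 *
 * Each consonant+vowel pair is one of 32 x 5 combinations (about 7 bits), so
 * the result is much weaker per character than a random string of the same
 * length; choose $length with that in mind.
 *
 * @param int $length Number of characters wanted; values below 1 give ''.
 * @return string
 */
function genpassword($length){
    $length = (int) $length;
    if ($length < 1) {
        return '';
    }

    $vowels = array("a", "e", "i", "o", "u");
    $cons = array("b", "c", "d", "g", "h", "j", "k", "l", "m", "n", "p", "r", "s", "t", "u", "v", "w", "tr", "cr", "br", "fr", "th", "dr", "ch", "ph", "wr", "st", "sp", "sw", "pr", "sl", "cl");
    $last_vowel = count($vowels) - 1;
    $last_cons = count($cons) - 1;

    // A password needs an unpredictable source; rand() seeded from microtime()
    // is not one. random_int() is used wherever the runtime has it (PHP 7+).
    // The mt_rand() branch only keeps older runtimes working and is not
    // suitable for credentials.
    $secure = function_exists('random_int');

    $password = '';
    while (strlen($password) < $length) {
        if ($secure) {
            $c = random_int(0, $last_cons);
            $v = random_int(0, $last_vowel);
        } else {
            $c = mt_rand(0, $last_cons);
            $v = mt_rand(0, $last_vowel);
        }
        $password .= $cons[$c] . $vowels[$v];
    }

    // The last pair may overshoot by one or two characters.
    return substr($password, 0, $length);
}
?>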